The Contest Gallery WordPress plugin before 13.1.0.6 does not have capability checks and does not sanitise or escape the cg-search-user-name-original parameter before using it in a SQL statement when exporting users from a gallery, which could allow unauthenticated to perform SQL injections attacks, as well as get the list of all users registered on the blog, including their username and email address
[
{
"product": "Contest Gallery – Photo Contest Plugin for WordPress",
"vendor": "Unknown",
"versions": [
{
"lessThan": "13.1.0.6",
"status": "affected",
"version": "13.1.0.6",
"versionType": "custom"
}
]
}
]